1. What are the probable difficulties and risks associated with using public infrastructure, such as the internet, as part of a private business solution?
Many credit reporting systems that use the internet as a means to transfer credit data are insecure. Security holes can exist in several main parts of a credit reporting system, such as data transfer, the database, the interface and the network.
When a user orders and receives information, the data is transferred over the internet, where hackers can listen in and intercept it if it is not properly encrypted. Logins, passwords and subscriber codes could also be intercepted by hackers during transmission over the internet.
If the database is not configured correctly, unauthorized employees or customers can hack into the system and access private customer lists, subscriber codes, etc. Sharing a single database for all of the company's customers means that a competitor could potentially look at a customer's information.
An insecure interface opens the system up to potential fraud.
Improper network configuration can leave parts of the system vulnerable. Once one component of the system is compromised, hackers can use the newly gained access to reach other parts of the system. A security breach in the system can take it all down.
2. Discuss the precautions taken by ING to ensure security. Were the measures adequate?
They built an extranet and offered a Web-to-host service that would allow partners to access mainframe data directly via the internet. The client software is installed automatically as a browser applet, so the browser serves as the interface. They had two NT servers, a new SNA gateway and a Cisco Pix firewall connected to the internet via a leased T-1 line. The Pix firewall would prevent unauthorized access to the data. In addition, the Web-to-host software used an SSL connection. They also had security consultants probe the system for vulnerabilities. Yes, the measures were adequate.
3. Comment on